The CEH (Certified Ethical Hacker) certificate is without doubt one of the most heavily discussed security certificates in the english-speaking world, which was one of the reasons why I was curious about it and what challenges I will face with it. As the topics to be covered are very broad based on their published course outline, I was at first skeptical if everything would be covered in enough detail in order to pass the CEH exam successfully.

As questions about CEH pop up every few days, both general ones or in particular about preparation and revision, I hope that this review will help to answer a few of them as well as introduce all of you to EC-Council’s own training named iClass. As they describe it:

Thanks to Donald C. Donzal and The Ethical Hacker Network, I got the opportunity to attend live, online-based training from EC-Council for the CEH (Certified Ethical Hacker) certification. The online-training, which goes by the name iClass, can be attended in two different ways:

1) iWeek: iWeek offers the course in a five day format, which is similar to most bootcamp-style offerings of this courses. From 8am until 4pm, this option basically requires the whole day for training and exercises.
2) FlexClass: FlexClass distributes the course over five weeks, two days in each week (Tuesday and Thursday) for four hours (4pm – 8pm). The advantage of this mode is that the training can be attended, even if one can’t take off for a whole week.

Note: On the decision, which mode one should take, the time zone should be considered as well – MDT (Mountain Daylight Time (UTC -06:00)).

Normal price for each mode is $2,895 (~ 2020 EUR) or $2,495 (~ 1740 EUR) for early registration.

Both options are held through the Internet, where GoToMeeting (http://www.gotomeeting.com/) is used. The instructor can show his Desktop and demonstrate the many things which are necessary for the course. Communication can be done via headset or chat.

As my time was only limited, I headed for the FlexClass option.

Together with the course, the students received five bulky books (3x Curriculum Courseware Volumes, 2x Lab Manuals) as well as DVDs with the course materials (Presentations, Whitepapers, Tools, etc.) plus the images for VMware or VirtualBox. Additionally a certification exam voucher, which allows for one try for the exam, and a CEH t-shirt was shipped all in an EC-Council backpack. The courseware will be discussed later in more detail.

After a short introduction of the course participants and the instructor, who was Eric Reed, the training was off and running. The training was mostly in the same order as given on the official website. As the time of the course was limited, all self-study modules which were not needed for the exam were left out. Therefore, modules which were important for the exam could be studied more intensely, and more time was dedicated for questions and problems from us. Our instructor was very considerate and adjusted to us very well.

After each training unit we were given a small homework assignment, where a certain number of exercises from the Lab Manuals had to be completed (which should be quite a bit more comfortable in FlexClass than in the iWeek format). If any problem occurred, we were also given the option to contact our instructor via email, though, I have to admit, that most often no immediate answers were given. The questions or problems were eventually discussed within the next training lesson.

Study Materials

I used the Official Lab Manuals and DVDs for the homework. They were so far ok. Nothing special or outstanding, but ok. Most tools were out of date and some of them are poorly sorted, though those DVDs should save some time as there is no need to search for some of the rare or no longer available tools. Unfortunately some of the DVDs were damaged, as they couldn’t be read – it seemed that other course participants had the same problem.

After a short contact with EC-Council, new DVDs were sent out and worked fine. Alternatively the option was given to download the missing files through FTP. The contact with EC-Council was always very fast and friendly.

Regarding the other course materials I can only tell little, as I used them through the course very rarely. Previously I have read often that they have many errors – not only grammar and typos, but also with regards to content. I can confirm this only partially; therefore, I think that they get updated from time to time and subsequently improve in quality. Though I have to admit in terms of content, often only the included PowerPoint presentations were printed with many screenshots – in-depth explanations were missing.

As a final summation of the materials, I have two thoughts. Instead of the many, many (many) covered tools, I would have wished for more detailed information and explanations and in return discussion about less, but essential tools. Secondly, it seemed as though a leitmotif was missing, as some modules seemed to be without connection and unstructured.

As I read quite a lot about CEH before I attended the class, I would like to recommend some other books which can be used for studying for the exam (especially as people often ask about them):

It should be noted as well that CEH V6 covers the same questions as in V5; therefore, it shouldn’t be a problem that the books are out-of-date.

Conclusion

Altogether I really enjoyed the course. The instructor did a great job and responded to each participant. Since I hadn’t expected too much in-depth explanations from the course (due to the sheer amount of covered topics in CEH), I was not disappointed. Without doubt, many topics could have discussed in more detail and probably should have been; however, I think that everything was at least as much covered as needed in order to pass the exam. As I see the CEH certificate as an advanced entry-level certificate in the IT/Security area, I think the small amount of details used were sufficient.

Personally I feel that I was prepared very well for the exam. As already written, the instructor did a good job, and, although I was familiar with most of the covered topics, a few things were included that I wasn’t aware of before. Besides it was good to hear everything again in a summarized way from an official instructor and to have everything repeated again. This made it easy to keep a positive outcome for the exam always in my mind.

All in all I would therefore recommend the course, especially to all of those readers where their own company would pay for it. For individuals I think it is a little too expensive, as it is an entry-level certificate and basically all covered topics can be learned with self-study. On the other hand, considering that it is an online version of the course and no travel expenses are incurred, it definitely makes it more palatable in this economy.

I hope that this small review could answer some questions. If there are any more questions about this course, please feel free to continue the discussion in the EH-Net Forums Thread associated with this article. This way others can benefit from it as well.

Another EH-Net member, Daniel V. Hoffman, has also written an interesting article about CEH, where the focus lies within self-study. It was written several years ago and covers v4.1 of the CEH exam, but the process still holds up. (http://www.ethicalhacker.net/content/view/54/24/).

Subscribe

Deals for EH-Netters

ALL SANS Coupon Codes End 3-31-2015!! This is your last chance to save as SANS is ending their Partner Program. $200 OFF Any 4-6 Day SANS High-Quality Cyber Security Training Course! Any Format! Use Coupon Code: SANS_EHN200 for SANS 2015 (Orlando) & SANS Security West 2015 (San Diego)

Upcoming Industry Events

InfoSec Southwest 2015 InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of[...]

SANS 2015 Information security training in Orlando, Florida from SANS Institute, the global leader in information security training. This namesake event is SANS largest of the year with 42 Courses, 37 Instructors in 6 Disciplines[...]

RSA Conference 2015 – USA Same time, same place, same humongous crowds! RSA Conference 2015 is not specifically focused on hacking, pentesting and the like, but it is the largest general information security event and[...]

SANS Security West 2015 Take Cyber security training in San Diego from SANS Institute, the global leader in information security training. At SANS Security West 2015 + Emerging Trends, we offer more than 20 hands-on,[...]

THOTCON 0x6 THOTCON (pronounced \ˈthȯt\ and taken from THree – One – Two) is a small venue hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best[...]

BSides Chicago 2015 Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and[...]

CEIC 2015 It’s no exaggeration to say that CEIC (Computer and Enterprise Investigations Conference) is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills[...]

OWASP AppSecEU 2015 The BeNeLux chapters will host the OWASP AppSec Europe Research 2015 global conference in Amsterdam, The Netherlands from May 19-22. Amsterdam is the capital of the Netherlands and the largest city of[...]